package com.jd.security.config;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

import javax.annotation.PostConstruct;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;

import com.alibaba.fastjson.JSON;

public class CustomInvocationSecurityMetadataSourceImp implements FilterInvocationSecurityMetadataSource {

    private final AntPathMatcher urlMatcher = new AntPathMatcher();

    private HashMap<String, Collection<ConfigAttribute>> resourceMap = null;

    /**
     * 
     * 自定义方法，这个类放入到Spring容器后， 指定init为初始化方法，从数据库中读取资源 TODO(这里用一句话描述这个方法的作用).
     */
    @PostConstruct
    public void init() {
        loadResourceDefine();
    }

    /**
     * 
     * TODO(程序启动的时候就加载所有资源信息).
     */
    private void loadResourceDefine() {
        // 在Web服务器启动时，提取系统中的所有权限。

        /*
         * 应当是资源为key， 权限为value。 资源通常为url， 权限就是那些以ROLE_为前缀的角色。 一个资源可以由多个权限来访问。 sparta
         */
        resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
        ConfigAttribute ca = new SecurityConfig("ROLE_ADMIN");
        Collection<ConfigAttribute> value = new ArrayList<ConfigAttribute>();
        value.add(ca);
        resourceMap.put("/order", value);

        System.out.println("loadResourceDefine" + JSON.toJSONString(resourceMap));

    }

    /**
     * TODO(自定义方法，将List<Role>集合转换为框架需要的Collection<ConfigAttribute>集合).
     */
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {

        FilterInvocation fi = (FilterInvocation) object;
        String url = fi.getRequestUrl();

        // String httpMethod = fi.getRequest().getMethod();
        System.out.println(url);
        System.out.println(JSON.toJSONString(resourceMap));
        System.out.println(JSON.toJSONString(urlMatcher));
        for (Map.Entry<String, Collection<ConfigAttribute>> entry : resourceMap.entrySet()) {
            if (url.contains(entry.getKey())) {
                return entry.getValue();
            }
            if (urlMatcher.match(entry.getKey(), url)) {
                return entry.getValue();
            }
        }
        // 没有匹配到,默认是要登录才能访问
        return SecurityConfig.createList("ROLE_ANONYMOUS");
        // return null;
    }

    public static void main(String[] args) {
        AntPathMatcher urlMatcher = new AntPathMatcher();

        System.out.println(urlMatcher.isPattern("/authorities/resources?path=/order"));

        String url = "/authorities/resources?path=/order";
        String path = "/order";
        if (url.contains(path)) {
            System.out.print(123);
        }
        if (urlMatcher.matchStart("/authorities/resources?path=order", "/authorities/resources?path=order")) {
            System.out.print(1);
        } else {
            System.out.print(2);
        }

    }

    @Override
    public boolean supports(Class<?> arg0) {
        // TODO Auto-generated method stub
        return true;
    }
}
